vlib/crypto/bcrypt: Add bcrypt (#12595)

vlib/crypto/bcrypt/bcrypt.v

@@ -0,0 +1,182 @@
+module bcrypt
+
+import encoding.base64
+import crypto.rand
+import crypto.blowfish
+
+pub const (
+	min_cost              = 4
+	max_cost              = 31
+	default_cost          = 10
+	solt_length           = 16
+	max_crypted_hash_size = 23
+	encoded_salt_size     = 22
+	encoded_hash_size     = 31
+	min_hash_size         = 59
+
+	major_version         = '2'
+	minor_version         = 'a'
+)
+
+pub struct Hashed {
+mut:
+	hash  []byte
+	salt  []byte
+	cost  int
+	major string
+	minor string
+}
+
+const magic_cipher_data = [byte(0x4f727068), 0x65616e42, 0x65686f6c, 0x64657253, 0x63727944,
+	0x6f756274]
+
+pub fn generate_from_password(password []byte, cost int) ?string {
+	mut p := new_from_password(password, cost) or { return error('Error: $err') }
+
+	return string(p.hash_byte())
+}
+
+pub fn compare_hash_and_password(password []byte, hashed_password []byte) ? {
+	mut p := new_from_hash(hashed_password) or { return error('Error: $err') }
+	p.salt << '=='.bytes()
+	other_hash := bcrypt(password, p.cost, p.salt) or { return error('err') }
+
+	mut other_p := Hashed{
+		hash: other_hash
+		salt: p.salt
+		cost: p.cost
+		major: p.major
+		minor: p.minor
+	}
+
+	if string(p.hash_byte()) != string(other_p.hash_byte()) {
+		return error('mismatched hash and password')
+	}
+}
+
+pub fn generate_salt() string {
+	randbytes := rand.read(bcrypt.solt_length) or { panic(err) }
+	return randbytes.bytestr()
+}
+
+fn new_from_password(password []byte, cost int) ?&Hashed {
+	mut cost_ := cost
+	if cost < bcrypt.min_cost {
+		cost_ = bcrypt.default_cost
+	}
+	mut p := Hashed{}
+	p.major = bcrypt.major_version
+	p.minor = bcrypt.minor_version
+
+	if cost_ < bcrypt.min_cost || cost_ > bcrypt.max_cost {
+		return error('invalid cost')
+	}
+	p.cost = cost_
+
+	p.salt = base64.encode(generate_salt().bytes()).bytes()
+	hash := bcrypt(password, p.cost, p.salt) or { return err }
+	p.hash = hash
+	return &p
+}
+
+fn new_from_hash(hashed_secret []byte) ?&Hashed {
+	mut tmp := hashed_secret.clone()
+	if tmp.len < bcrypt.min_hash_size {
+		return error('hash to short')
+	}
+
+	mut p := Hashed{}
+	mut n := p.decode_version(tmp) or { return err }
+	tmp = tmp[n..]
+
+	n = p.decode_cost(tmp) or { return err }
+	tmp = tmp[n..]
+
+	p.salt = tmp[..bcrypt.encoded_salt_size].clone()
+	p.hash = tmp[bcrypt.encoded_salt_size..].clone()
+
+	return &p
+}
+
+fn bcrypt(password []byte, cost int, salt []byte) ?[]byte {
+	mut cipher_data := []byte{len: 72 - bcrypt.magic_cipher_data.len, init: 0}
+	cipher_data << bcrypt.magic_cipher_data
+
+	mut bf := expensive_blowfish_setup(password, u32(cost), salt) or { return err }
+
+	for i := 0; i < 24; i += 8 {
+		for j := 0; j < 64; j++ {
+			bf.encrypt(mut cipher_data[i..i + 8], cipher_data[i..i + 8])
+		}
+	}
+
+	hsh := base64.encode(cipher_data[..bcrypt.max_crypted_hash_size])
+	return hsh.bytes()
+}
+
+fn expensive_blowfish_setup(key []byte, cost u32, salt []byte) ?&blowfish.Blowfish {
+	csalt := base64.decode(salt.bytestr())
+
+	mut bf := blowfish.new_salted_cipher(key, csalt) or { return err }
+
+	mut i := u64(0)
+	mut rounds := u64(0)
+	rounds = 1 << cost
+	for i = 0; i < rounds; i++ {
+		blowfish.expand_key(key, mut bf)
+		blowfish.expand_key(csalt, mut bf)
+	}
+
+	return &bf
+}
+
+fn (mut h Hashed) hash_byte() []byte {
+	mut arr := []byte{len: 60, init: 0}
+	arr[0] = '$'.bytes()[0]
+	arr[1] = h.major.bytes()[0]
+	mut n := 2
+	if h.minor != '0' {
+		arr[2] = h.minor.bytes()[0]
+		n = 3
+	}
+	arr[n] = '$'.bytes()[0]
+	n++
+	copy(arr[n..], '${int(h.cost):02}'.bytes())
+	n += 2
+	arr[n] = '$'.bytes()[0]
+	n++
+	copy(arr[n..], h.salt)
+	n += bcrypt.encoded_salt_size
+	copy(arr[n..], h.hash)
+	n += bcrypt.encoded_hash_size
+	return arr[..n]
+}
+
+fn (mut h Hashed) decode_version(sbytes []byte) ?int {
+	if sbytes[0] != '$'.bytes()[0] {
+		return error("bcrypt hashes must start with '$'")
+	}
+	if sbytes[1] != bcrypt.major_version.bytes()[0] {
+		return error('bcrypt algorithm version $bcrypt.major_version')
+	}
+	h.major = sbytes[1].ascii_str()
+	mut n := 3
+	if sbytes[2] != '$'.bytes()[0] {
+		h.minor = sbytes[2].ascii_str()
+		n++
+	}
+	return n
+}
+
+fn (mut h Hashed) decode_cost(sbytes []byte) ?int {
+	cost := string(sbytes[0..2]).int()
+	check_cost(cost) or { return err }
+	h.cost = cost
+	return 3
+}
+
+fn check_cost(cost int) ? {
+	if cost < bcrypt.min_cost || cost > bcrypt.max_cost {
+		return error('invalid cost')
+	}
+}

vlib/crypto/bcrypt/bcrypt_test.v

@@ -0,0 +1,11 @@
+import crypto.bcrypt
+
+fn test_crypto_bcrypt() {
+	hash := bcrypt.generate_from_password('password'.bytes(), 10) or { panic(err) }
+
+	bcrypt.compare_hash_and_password('password'.bytes(), hash.bytes()) or { panic(err) }
+
+	bcrypt.compare_hash_and_password('password2'.bytes(), hash.bytes()) or {
+		assert err == error('mismatched hash and password')
+	}
+}

vlib/crypto/blowfish/block.v

@@ -0,0 +1,142 @@
+module blowfish
+
+pub fn expand_key(key []byte, mut bf Blowfish) {
+	mut j := 0
+	for i := 0; i < 18; i++ {
+		mut d := u32(0)
+		for k := 0; k < 4; k++ {
+			d = d << 8 | u32(key[j])
+			j++
+			if j >= key.len {
+				j = 0
+			}
+		}
+		bf.p[i] ^= d
+	}
+
+	mut l := u32(0)
+	mut r := u32(0)
+	for i := 0; i < 18; i += 2 {
+		arr := encrypt_block(l, r, mut bf)
+		bf.p[i], bf.p[i + 1] = arr[0], arr[1]
+	}
+
+	for i := 0; i < 256; i += 2 {
+		arr := encrypt_block(l, r, mut bf)
+		bf.s[0][i], bf.s[0][i + 1] = arr[0], arr[1]
+	}
+	for i := 0; i < 256; i += 2 {
+		arr := encrypt_block(l, r, mut bf)
+		bf.s[1][i], bf.s[1][i + 1] = arr[0], arr[1]
+	}
+	for i := 0; i < 256; i += 2 {
+		arr := encrypt_block(l, r, mut bf)
+		bf.s[2][i], bf.s[2][i + 1] = arr[0], arr[1]
+	}
+	for i := 0; i < 256; i += 2 {
+		arr := encrypt_block(l, r, mut bf)
+		bf.s[3][i], bf.s[3][i + 1] = arr[0], arr[1]
+	}
+}
+
+pub fn expand_key_with_salt(key []byte, salt []byte, mut bf Blowfish) {
+	mut j := 0
+	for i := 0; i < 18; i++ {
+		bf.p[i] ^= get_next_word(key, &j)
+	}
+
+	j = 0
+
+	mut l := u32(0)
+	mut r := u32(0)
+	for i := 0; i < 18; i += 2 {
+		l ^= get_next_word(key, &j)
+		r ^= get_next_word(key, &j)
+		arr := encrypt_block(l, r, mut bf)
+		bf.p[i], bf.p[i + 1] = arr[0], arr[1]
+	}
+
+	for i := 0; i < 256; i += 2 {
+		l ^= get_next_word(key, &j)
+		r ^= get_next_word(key, &j)
+		arr := encrypt_block(l, r, mut bf)
+		bf.s[0][i], bf.s[0][i + 1] = arr[0], arr[1]
+	}
+	for i := 0; i < 256; i += 2 {
+		l ^= get_next_word(key, &j)
+		r ^= get_next_word(key, &j)
+		arr := encrypt_block(l, r, mut bf)
+		bf.s[1][i], bf.s[1][i + 1] = arr[0], arr[1]
+	}
+	for i := 0; i < 256; i += 2 {
+		l ^= get_next_word(key, &j)
+		r ^= get_next_word(key, &j)
+		arr := encrypt_block(l, r, mut bf)
+		bf.s[2][i], bf.s[2][i + 1] = arr[0], arr[1]
+	}
+	for i := 0; i < 256; i += 2 {
+		l ^= get_next_word(key, &j)
+		r ^= get_next_word(key, &j)
+		arr := encrypt_block(l, r, mut bf)
+		bf.s[3][i], bf.s[3][i + 1] = arr[0], arr[1]
+	}
+}
+
+fn encrypt_block(l u32, r u32, mut bf Blowfish) []u32 {
+	mut xl := l
+	mut xr := r
+	xl ^= bf.p[0]
+	xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
+		bf.s[3][byte(xl)] ^ bf.p[1]
+	xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
+		bf.s[3][byte(xr)] ^ bf.p[2]
+	xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
+		bf.s[3][byte(xl)] ^ bf.p[3]
+	xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
+		bf.s[3][byte(xr)] ^ bf.p[4]
+	xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
+		bf.s[3][byte(xl)] ^ bf.p[5]
+	xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
+		bf.s[3][byte(xr)] ^ bf.p[6]
+	xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
+		bf.s[3][byte(xl)] ^ bf.p[7]
+	xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
+		bf.s[3][byte(xr)] ^ bf.p[8]
+	xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
+		bf.s[3][byte(xl)] ^ bf.p[9]
+	xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
+		bf.s[3][byte(xr)] ^ bf.p[10]
+	xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
+		bf.s[3][byte(xl)] ^ bf.p[11]
+	xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
+		bf.s[3][byte(xr)] ^ bf.p[12]
+	xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
+		bf.s[3][byte(xl)] ^ bf.p[13]
+	xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
+		bf.s[3][byte(xr)] ^ bf.p[14]
+	xr ^= ((bf.s[0][byte(xl >> 24)] + bf.s[1][byte(xl >> 16)]) ^ bf.s[2][byte(xl >> 8)]) +
+		bf.s[3][byte(xl)] ^ bf.p[15]
+	xl ^= ((bf.s[0][byte(xr >> 24)] + bf.s[1][byte(xr >> 16)]) ^ bf.s[2][byte(xr >> 8)]) +
+		bf.s[3][byte(xr)] ^ bf.p[16]
+	xr ^= bf.p[17]
+	return [xl, xr]
+}
+
+fn get_next_word(b []byte, pos &int) u32 {
+	mut w := u32(0)
+	mut j := 0
+	unsafe {
+		j = *pos
+	}
+	for i := 0; i < 4; i++ {
+		w = w << 8 | u32(b[j])
+		j++
+		if j >= b.len {
+			j = 0
+		}
+	}
+	unsafe {
+		*pos = j
+	}
+	return w
+}

vlib/crypto/blowfish/blowfish.v

@@ -0,0 +1,37 @@
+module blowfish
+
+pub struct Blowfish {
+pub mut:
+	p [18]u32
+	s [4][256]u32
+}
+
+pub fn new_cipher(key []byte) ?Blowfish {
+	mut bf := Blowfish{p, s}
+	if key.len < 1 || key.len > 56 {
+		return error('invalid key')
+	}
+	expand_key(key, mut bf)
+
+	return bf
+}
+
+pub fn new_salted_cipher(key []byte, salt []byte) ?Blowfish {
+	if salt.len == 0 {
+		return new_cipher(key)
+	}
+	mut bf := Blowfish{p, s}
+	if key.len < 1 {
+		return error('invalid key')
+	}
+	expand_key_with_salt(key, salt, mut bf)
+	return bf
+}
+
+pub fn (mut bf Blowfish) encrypt(mut dst []byte, src []byte) {
+	l := u32(src[0]) << 24 | u32(src[1]) << 16 | u32(src[2]) << 8 | u32(src[3])
+	r := u32(src[4]) << 24 | u32(src[5]) << 16 | u32(src[6]) << 8 | u32(src[7])
+	arr := encrypt_block(l, r, mut bf)
+	dst[0], dst[1], dst[2], dst[3] = byte(arr[0] >> 24), byte(arr[0] >> 16), byte(arr[0] >> 8), byte(arr[0])
+	dst[4], dst[5], dst[6], dst[7] = byte(arr[1] >> 24), byte(arr[1] >> 16), byte(arr[1] >> 8), byte(arr[1])
+}

vlib/crypto/blowfish/blowfish_test.v

@@ -0,0 +1,8 @@
+import crypto.blowfish
+import encoding.base64
+
+fn test_crypto_blowfish() {
+	key := 'password'.bytes()
+	csalt := base64.decode('an2da3dn')
+	bf := blowfish.new_salted_cipher(key, csalt) or { panic(err) }
+}